Re: Editing and storing encrypted files
On Wed, Sep 06, 2000 at 17:50:05 -0500, Herbert Ho wrote:
> how about encrypted loopback? just need the crypto/int'l patch for the
> kernel. no other software. but then again it doesn't use gpg

That's not a disadvantage, as encrypted filesystems are a different area (protect against different threats).

GPG's protocol is designed for secure (mail) communication over an unsecure connection. As such it uses public key cryptography (e.g. Diffie-Hellman) to securely communicate session keys for conventional shared key cryptography (block ciphers like 3DES and BlowFish).

In the case of encrypted filesystems, the threat you're trying to protect from isn't having to communicate over an unsecure connection, but primarily the consequences of someone gaining unauthorised access to a storage device; there is simply no need for public key cryptography in this case; shared key cryptography (using passphrases) works fine.

The international kernel patch (packaged as "kernel-patch-int") supports several of the block ciphers used by gpg and others of comparable or even bigger strength (for example AES candidates like Serpent, Rijndael and TwoFish).

HTH,
Ray
-- 
Furthermore, I am of the opinion that the Netherlands should be roofed over.
Re: Editing and storing encrypted files
On Wed, Sep 06, 2000 at 10:22:44PM +0200, Wouter Hanegraaff wrote:
> I have some files that I would like to store encrypted. Of course I can
> just type them in, encrypt them using gpg and delete the original, but
> that seems to be a bit of a kludge. It would mean the file is at some
> time readable unencrypted (after saving in the editor), and forgetting
> to turn off the backup file option in the editor when changing the file.

The crypt++ package in emacs handles this.

Dan
Re: Editing and storing encrypted files
On Thu, Sep 07, 2000 at 07:19:11PM +0200, Wouter Hanegraaff wrote:
> On Thu, Sep 07, 2000 at 06:11:28PM +0200, Arthur Korn wrote:
> > It seems to work for me, and the .swp file is _encrypted_, no
> > need to disable them.
>
> The .swp file is definitely not encrypted. Worse, it's not possible to
> disable using a swapfile when a vim session is already started:

Well, it _is_ possible to disable a swapfile, just not with ":set uc=0" as indicated in the manpage, but with ":set noswapfile".

After some tweaking with the autocommands, the following vimrc snippet seems to work ok for me without creating unencrypted swap-, backup- or tempfiles on disk.

Have fun,

Wouter

augroup encrypted
  au!
  " First make sure nothing is written to ~/.viminfo while editing
  " an encrypted file.
  autocmd BufReadPre,FileReadPre      *.gpg set viminfo=
  " We don't want a swap file, as it writes unencrypted data to disk
  autocmd BufReadPre,FileReadPre      *.gpg set noswapfile
  " Switch to binary mode to read the encrypted file
  autocmd BufReadPre,FileReadPre      *.gpg set bin
  autocmd BufReadPre,FileReadPre      *.gpg let ch_save = &ch|set ch=2
  autocmd BufReadPost,FileReadPost    *.gpg '[,']!gpg --decrypt 2> /dev/null
  " Switch to normal mode for editing
  autocmd BufReadPost,FileReadPost    *.gpg set nobin
  autocmd BufReadPost,FileReadPost    *.gpg let &ch = ch_save|unlet ch_save
  autocmd BufReadPost,FileReadPost    *.gpg execute ":doautocmd BufReadPost " . expand("%:r")
  " Convert all text to encrypted text before writing
  autocmd BufWritePre,FileWritePre    *.gpg '[,']!gpg -e -r Wouter 2> /dev/null
  " Undo the encryption so we are back in the normal text, directly
  " after the file has been written.
  autocmd BufWritePost,FileWritePost  *.gpg u
augroup END
Re: Editing and storing encrypted files
On Thu, Sep 07, 2000 at 06:11:28PM +0200, Arthur Korn wrote:
> It seems to work for me, and the .swp file is _encrypted_, no
> need to disable them.

The .swp file is definitely not encrypted. Worse, it's not possible to disable using a swapfile when a vim session is already started:

:set uc=0

as described in the manual, does not work:

$ strings .swp
b0VIM 5.6
wouter
daria
U3210#"!
bla blie boe

And this is after I opened a new vim session and set uc=0. And of course after I typed "bla blie boe".

Wouter
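An added example, not part of the thread: the `strings .swp` check above turned into a repeatable shell audit that searches everything beside the encrypted files for a marker string typed into a test document. The function names are made up for this example, and the marker is whatever constructed text you choose.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# is_vim_swap FILE: true if FILE begins with the "b0VIM" id that
# `strings .swp` prints as "b0VIM 5.6" in the message above.
is_vim_swap() {
    [ "$(dd if="$1" bs=5 count=1 2>/dev/null)" = "b0VIM" ]
}

# scan_leftovers DIR CANARY
# Prints one "<kind> <path>" line for every regular file under DIR, other
# than the *.gpg files themselves, that contains CANARY as literal bytes.
# CANARY is a marker you typed into the encrypted document while editing.
scan_leftovers() {
    dir=$1 canary=$2
    find "$dir" -type f ! -name '*.gpg' | while IFS= read -r f; do
        # -F: fixed string, -q: exit status only; LC_ALL=C so that binary
        # swap-file content is compared byte by byte.
        LC_ALL=C grep -F -q -e "$canary" "$f" || continue
        if is_vim_swap "$f"; then
            kind=vim-swap
        else
            case $f in
                *~)      kind=backup ;;          # e.g. Emacs ".dev~"
                */\#*\#) kind=emacs-autosave ;;
                *)       kind=plaintext ;;
            esac
        fi
        printf '%s %s\n' "$kind" "$f"
    done
}

# leak_free DIR CANARY: succeeds only when scan_leftovers reports nothing.
leak_free() {
    [ -z "$(scan_leftovers "$1" "$2")" ]
}
```

Run it while the editor is still open as well as after it exits, since a swap file normally exists only during the session.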
Re: Editing and storing encrypted files
On Thu, 07 Sep 2000, Arthur Korn wrote:
> Could somebody more familiar with vim than me please tell me
> (us) whether this writes anything unencrypted onto disk? If not,
> shall I file a wishlist bug against vim-rt to include this?

Is your swap file (not VIM's, the OS') in an encrypted partition? Otherwise, unless VIM locks memory (like gnupg running suid root will try to and warn you if it fails to) you could end up with sensitive data in the swap file.

A quick solution is to disable swapping first (but be sure to have enough RAM :-) ).

Also, unless VIM was written in a rather secure way (gnupg was), it could easily leave sensitive data in RAM when it exits. I know of no easy solution to this problem.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
Re: Editing and storing encrypted files
Hello.

I've played a bit with autocommands in vim (the first time ever I looked at them), and came up with this (shamelessly stolen from the default vimrc, there it handles *.bz2):

augroup encrypted
  au!
  autocmd BufReadPre,FileReadPre      *.gpg set bin
  autocmd BufReadPre,FileReadPre      *.gpg let ch_save = &ch|set ch=2
  autocmd BufReadPost,FileReadPost    *.gpg '[,']!gpg --decrypt 2> /dev/null
  autocmd BufReadPost,FileReadPost    *.gpg set nobin
  autocmd BufReadPost,FileReadPost    *.gpg let &ch = ch_save|unlet ch_save
  autocmd BufReadPost,FileReadPost    *.gpg execute ":doautocmd BufReadPost " . expand("%:r")
  autocmd BufWritePre,FileWritePre    *.gpg '[,']!gpg --encrypt 2> /dev/null
augroup END

It seems to work for me, and the .swp file is _encrypted_, no need to disable them.

Could somebody more familiar with vim than me please tell me (us) whether this writes anything unencrypted onto disk? If not, shall I file a wishlist bug against vim-rt to include this?

ciao, 2ri
-- 
Note that there are two possible orientations of the log. If the end with the larger diameter is facing downstream, the log is said to be big-endian; otherwise, it is little-endian.
  -- Philip Willoughby <[EMAIL PROTECTED]> on Segfault.org
Re: Editing and storing encrypted files
Thanks all for the overwhelming response!

I'll probably try cfs in the near future, as it seems a nice and elegant solution and it was recommended by a lot of people. But for a quick start, I'll use the vim auto commands, because I'm already used to vim and because it was so easy to set up (similar to editing gzip'd files (:help gzip-example in vim)).

Thanks a lot!!

Wouter
Re: Editing and storing encrypted files
On Wed, Sep 06, 2000 at 11:17:40PM +0200, Philipp Schulte wrote:
> On Wed, Sep 06, 2000 at 10:22:44PM +0200, Wouter Hanegraaff wrote:
>
> > Hi,
> >
> > I have some files that I would like to store encrypted. Of course I can
> > just type them in, encrypt them using gpg and delete the original, but
> > that seems to be a bit of a kludge. It would mean the file is at some
> > time readable unencrypted (after saving in the editor), and forgetting
> > to turn off the backup file option in the editor when changing the file.
>
> I solved this problem with a little script:
>
> #!/bin/bash
> gpg .dev.gpg > /dev/null
> emacs .dev
> rm .dev.gpg
> gpg -r "Philipp Schulte" -e .dev
> rm .dev
> rm .dev~
>

a nicer way of doing this would be to write a defun in emacs

my-load-file

so
- it loads a file into a buffer
- if the file has certain traits that encrypted files do (ie: GPG headers) pipe it through gpg file (mailcrypt does this nicely).

and also write my-save-file which does the opposite
- and maybe we keep track of what files have to be encrypted.

C-x C-f calls my-load-file
C-x C-s calls my-save-file

of course emacs needs to be patched to only put its temp files in an encrypted loopback and we index them so we know where they are related.

peter 'darkewolf' crystal
-- 
email   : [EMAIL PROTECTED] || [EMAIL PROTECTED] || [EMAIL PROTECTED]
url     : http://cyberpunks.org/darke/homepage.phtml
url     : http://netverse.sourceforge.net/
url     : http://walledcity.sourceforge.net/
gpg key : http://cyberpunks.org/keys/darke_gpg.asc
Programming, Webdesign, AI theory, Paranoia, System Administration, Network Design, Problem Solutions

A disciple of another sect once came to Drescher as he was eating his morning meal. "I would like to give you this personality test", said the outsider, "because I want you to be happy." Drescher took the paper that was offered him and put it into the toaster, saying: "I wish the toaster to be happy, too."
Re: Editing and storing encrypted files
* Wouter Hanegraaff

| Is something like this available?

$ apt-cache show crypt++el
Package: crypt++el
Version: 2.87-2
Priority: extra
Section: editors
Maintainer: Christoph Martin <[EMAIL PROTECTED]>
Depends: emacsen
Recommends: mailcrypt
Architecture: all
FileName: dists/potato/main/binary-all/editors/crypt++el_2.87-2.deb
Size: 35832
Installed-Size: 143
MD5sum: 5d1a32288c1012f7de8ca8d02bf00522
Description: Emacs-Lisp Code for handling compressed and encrypted files
 Code for handling all sorts of compressed and encrypted files like:
 .gz, .tar.gz, .Z, .zip, PGP etc.

-- 
Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.
Re: Editing and storing encrypted files
Wouter Hanegraaff wrote:
>
> Hi,
>
> I have some files that I would like to store encrypted. Of course I can
> just type them in, encrypt them using gpg and delete the original, but
> that seems to be a bit of a kludge. It would mean the file is at some
> time readable unencrypted (after saving in the editor), and forgetting
> to turn off the backup file option in the editor when changing the file.
>
> There must be better solutions, but I can't seem to find them. What I
> would like to have is an editor that has built-in encryption or gpg
> integration, and the option not to store any non-encrypted data on disk
> or on the clipboard.
>
> Is something like this available?

Try the seahorse package. You can decrypt from file to text editor, edit text, then encrypt it back into file. I use it like this.

-- 
Ondřej Surý <[EMAIL PROTECTED]>   Globe Internet s.r.o. http://globe.cz/
Tel: +420235365000   Fax: +420235365009   Pláničkova 1, 162 00 Praha 6
Mob: +420602667702   ICQ: 24944126   Map: http://globe.namape.cz/
NAJDI.TO http://najdi.to/   Chief Administrator and Developer.
Re: Editing and storing encrypted files
how about encrypted loopback? just need the crypto/int'l patch for the kernel. no other software. but then again it doesn't use gpg

there's a howto for it on linuxdoc.org.

herb

On Wed, Sep 06, 2000 at 10:22:44PM +0200, Wouter Hanegraaff wrote:
> Hi,
>
> I have some files that I would like to store encrypted. Of course I can
> just type them in, encrypt them using gpg and delete the original, but
> that seems to be a bit of a kludge. It would mean the file is at some
> time readable unencrypted (after saving in the editor), and forgetting
> to turn off the backup file option in the editor when changing the file.
>
> There must be better solutions, but I can't seem to find them. What I
> would like to have is an editor that has built-in encryption or gpg
> integration, and the option not to store any non-encrypted data on disk
> or on the clipboard.
>
> Is something like this available?
>
> Wouter
Re: Editing and storing encrypted files
On Wed, Sep 06, 2000 at 10:22:44PM +0200, Wouter Hanegraaff wrote:
> I have some files that I would like to store encrypted. Of course I can

See also PPDD:
http://linux01.gwdg.de/~alatham/ppdd.html
Re: Editing and storing encrypted files
On Wed, Sep 06, 2000 at 10:22:44PM +0200, Wouter Hanegraaff wrote:
> Hi,
>
> I have some files that I would like to store encrypted. Of course I can
> just type them in, encrypt them using gpg and delete the original, but
> that seems to be a bit of a kludge. It would mean the file is at some
> time readable unencrypted (after saving in the editor), and forgetting
> to turn off the backup file option in the editor when changing the file.

Correct.

> There must be better solutions, but I can't seem to find them. What I
> would like to have is an editor that has built-in encryption or gpg
> integration, and the option not to store any non-encrypted data on disk
> or on the clipboard.
>
> Is something like this available?

Have you considered using an encrypted filesystem? The advantage to this is that the blocks are encrypted on the filesystem then decrypted on the fly.

From the TCFS FAQ:

"TCFS is a Transparent Cryptographic File System that is a suitable solution to the problem of privacy for distributed file system. By a deeper integration between the encryption service and the file system, it results in a complete transparency of use to the user applications. Files are stored in encrypted form and are decrypted before they are read. The encryption/decryption process takes place on the client machine and thus the encryption/decryption key never travels on the network."

Since the encryption/decryption is done on the fly for the person holding the key for the encrypted mount, privacy would be enhanced. Basically TCFS and similar encrypted filesystems are NFS-like, so as long as the directory from which you are editing the file within should be encrypted.

The downside to this is that drive access will be considerably slower.

-- 
--Brad

Bradley M. Alexander, CISSP              | Co-Chairman,
Beowulf System Admin/Security Specialist | NoVALUG/DCLUG Security SIG
Winstar Telecom                          | [EMAIL PROTECTED]
(703) 889-1049                           | [EMAIL PROTECTED]

I have a firm grasp on reality. Now I can strangle it.
Re: Editing and storing encrypted files
On Wed, Sep 06, 2000 at 10:22:44PM +0200, Wouter Hanegraaff wrote:
> Hi,
>
> I have some files that I would like to store encrypted. Of course I can
> just type them in, encrypt them using gpg and delete the original, but
> that seems to be a bit of a kludge. It would mean the file is at some
> time readable unencrypted (after saving in the editor), and forgetting
> to turn off the backup file option in the editor when changing the file.
>
> There must be better solutions, but I can't seem to find them. What I
> would like to have is an editor that has built-in encryption or gpg
> integration, and the option not to store any non-encrypted data on disk
> or on the clipboard.
>
> Is something like this available?

There are several possibilities. A great deal depends on your threat model: What are you trying to protect against?

It sounds like you're worried about someone searching your raw disk and recovering data. For that, you probably want to encrypt entire partitions, and also make sure swap and /tmp are protected.

There's good discussion and several possibilities listed in the Encryption-HOWTO:
(http://fachschaft.physik.uni-bielefeld.de/leute/marc/Encryption-HOWTO/Encryption-HOWTO.html)

I personally would be tempted to use Matt Blaze's CFS (ftp://research.att.com/dist/mab/cfs.announce), but I actually store all of my sensitive files on a separate secured machine. (no network daemons, etc.)

If you have more extreme secrecy needs, you might want to look into duress filesystems or steganographic file storage. Those are only really useful if you might need to plausibly deny that you had the encrypted files at all. I'm also not aware of any available implementations.

Jon Leonard
Re: Editing and storing encrypted files
On Wed, Sep 06, 2000 at 10:22:44PM +0200, Wouter Hanegraaff wrote:
> Hi,
>
> I have some files that I would like to store encrypted. Of course I can
> just type them in, encrypt them using gpg and delete the original, but
> that seems to be a bit of a kludge. It would mean the file is at some
> time readable unencrypted (after saving in the editor), and forgetting
> to turn off the backup file option in the editor when changing the file.

I solved this problem with a little script:

#!/bin/bash
gpg .dev.gpg > /dev/null
emacs .dev
rm .dev.gpg
gpg -r "Philipp Schulte" -e .dev
rm .dev
rm .dev~

.dev is my encrypted file.

Phil
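A hardened variant of the script above, as an added example that is not part of Philipp's post: the plaintext and any editor backup or swap files live in a private RAM-backed directory, and the encrypted file is replaced only after re-encryption has succeeded. `edit_encrypted`, `GPG_BIN` and `GPG_EDIT_TMPBASE` are names made up for this example, and it assumes /dev/shm is a tmpfs.

```shell
#!/bin/sh
# Added example, not the script posted in the thread.
# Assumptions: GPG_BIN and GPG_EDIT_TMPBASE are variables invented here;
# /dev/shm is a RAM-backed tmpfs. tmpfs pages can still be written to the
# OS swap area, so unencrypted swap remains a separate exposure.

# edit_encrypted FILE.gpg RECIPIENT
# The function body is a subshell, so umask, variables and traps stay local.
edit_encrypted() (
    enc=$1
    recipient=$2
    gpg_bin=${GPG_BIN:-gpg}
    editor=${EDITOR:-vi}
    base=${GPG_EDIT_TMPBASE:-/dev/shm}

    [ -f "$enc" ] || { echo "no such file: $enc" >&2; exit 2; }
    [ -n "$recipient" ] || { echo "usage: edit_encrypted FILE RECIPIENT" >&2; exit 2; }

    # Private working directory: mode 0700, files created 0600.
    umask 077
    work=$(mktemp -d "$base/gpgedit.XXXXXX") || exit 3
    trap 'rm -rf "$work"; exit 130' HUP INT TERM

    rc=0
    {
        # 1. Decrypt into the private directory, never beside the original.
        "$gpg_bin" --quiet --output "$work/plain" --decrypt "$enc" &&
        # 2. Edit there; backup (plain~) and swap files land in $work too.
        $editor "$work/plain" &&
        # 3. Re-encrypt to a new file while the old ciphertext still exists.
        "$gpg_bin" --quiet --output "$work/new.gpg" \
                   --recipient "$recipient" --encrypt "$work/plain" &&
        # 4. Copy the ciphertext next to the target, then rename over it.
        cp "$work/new.gpg" "$enc.new" &&
        mv -f "$enc.new" "$enc"
    } || rc=$?

    # Always remove the plaintext, whether or not the steps succeeded.
    rm -rf "$work"
    exit "$rc"
)
```

Unlike the original, a failed `gpg -e` leaves the previous encrypted file in place, because it is never removed before the new ciphertext exists.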
Editing and storing encrypted files
Hi,

I have some files that I would like to store encrypted. Of course I can just type them in, encrypt them using gpg and delete the original, but that seems to be a bit of a kludge. It would mean the file is at some time readable unencrypted (after saving in the editor), and forgetting to turn off the backup file option in the editor when changing the file.

There must be better solutions, but I can't seem to find them. What I would like to have is an editor that has built-in encryption or gpg integration, and the option not to store any non-encrypted data on disk or on the clipboard.

Is something like this available?

Wouter